Added |
CVSS V3 |
|
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Added |
CVSS V2 |
|
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
|
Added |
CWE |
|
CWE-20
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*
*cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*
|
Changed |
Reference Type |
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html No Types Assigned
|
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html Technical Description, Third Party Advisory
|
Changed |
Reference Type |
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/ No Types Assigned
|
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/ Technical Description, Third Party Advisory
|
Changed |
Reference Type |
https://cwiki.apache.org/confluence/display/WW/S2-045 No Types Assigned
|
https://cwiki.apache.org/confluence/display/WW/S2-045 Mitigation, Vendor Advisory
|
Changed |
Reference Type |
https://exploit-db.com/exploits/41570 No Types Assigned
|
https://exploit-db.com/exploits/41570 Exploit, VDB Entry
|
Changed |
Reference Type |
https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a No Types Assigned
|
https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a Patch
|
Changed |
Reference Type |
https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228 No Types Assigned
|
https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228 Patch
|
Changed |
Reference Type |
https://github.com/mazen160/struts-pwn No Types Assigned
|
https://github.com/mazen160/struts-pwn Exploit
|
Changed |
Reference Type |
https://github.com/rapid7/metasploit-framework/issues/8064 No Types Assigned
|
https://github.com/rapid7/metasploit-framework/issues/8064 Exploit
|
Changed |
Reference Type |
https://isc.sans.edu/diary/22169 No Types Assigned
|
https://isc.sans.edu/diary/22169 Technical Description, Third Party Advisory
|
Changed |
Reference Type |
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html No Types Assigned
|
https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html Third Party Advisory
|
Changed |
Reference Type |
https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt No Types Assigned
|
https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt Exploit, VDB Entry
|